On 13 Jul 2006 at 12:13, bennettwang wrote:
> Of course, the symmetric key algorithms can provide authentication.
> only the user who have the key can open and use the data can provide a
> authtication function. but it is difficult for the symmertric key
> algorithms to deploy the key.
The problem with calling this "authentication" is that "the user" is NOT
the ONLY possessor of the key. The key is shared amongst AT LEAST two
entities AND some kind of key distribution mechanism. (Some particularly
poorly implemented symmetric systems don't even bother to create different
keys for each session or each user, but rely on a single key to secure the
entire *system*. I know of no asymmetric systems that do this, although it
is certainly possible to build one.)
An asymmetric algorithm is usually implemented to guarantee that each
private key really IS private, known only to a single unique entity. Once
you start using symmetric keys (which MUST be shared to at least a minimum
extent), verifying that they are shared only with appropriate entities who
use them only in the prescribed fashion is essentially impossible.
David Gillett